CVE-2015-5295
published 2016-01-20
medium 5.4 (CVSS 3.0)
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | heat | < heat 1:6.0.0~rc3-1 (bookworm) | heat 1:6.0.0~rc3-1 (bookworm) |
| fedoraproject | fedora | — | — |
| openstack | heat | >= 0 < 1:6.0.0~rc3-1 | 1:6.0.0~rc3-1 |
| openstack | heat | >= 0 < 1:6.0.0~rc3-1 | 1:6.0.0~rc3-1 |
| openstack | heat | >= 0 < 1:6.0.0~rc3-1 | 1:6.0.0~rc3-1 |
| openstack | heat | >= 0 < 1:6.0.0~rc3-1 | 1:6.0.0~rc3-1 |
| openstack | orchestration_api | >= 2015.1.0 < 2015.1.3 | 2015.1.3 |
| openstack | orchestration_api | >= 5.0.0 < 5.0.1 | 5.0.1 |
| oracle | solaris | — | — |
| redhat | openstack | — | — |
CVSS provenance
nvd: v3.0, 5.4 MEDIUM, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
osv: 5.4 MEDIUM